From: Roman Kagan <rka...@virtuozzo.com>

Even if SELinux config file and policy tools are present, SELinux may be
turned off by a setting in that config file, "SELINUX", having a value
of "disabled".

Detect this case and skip relabeling.

Signed-off-by: Roman Kagan <rka...@virtuozzo.com>
---
 mlcustomize/SELinux_relabel.ml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/mlcustomize/SELinux_relabel.ml b/mlcustomize/SELinux_relabel.ml
index 5ecf7bd..df1de7b 100644
--- a/mlcustomize/SELinux_relabel.ml
+++ b/mlcustomize/SELinux_relabel.ml
@@ -59,14 +59,24 @@ and use_setfiles g =
   g#aug_load ();
   debug_augeas_errors g;
 
+  let config_path = "/files/etc/selinux/config" in
+  let config_keys = g#aug_ls config_path in
+  (* SELinux may be disabled via a setting in config file *)
+  let selinux_disabled =
+    let selinuxmode_path = config_path ^ "/SELINUX" in
+    if array_find selinuxmode_path config_keys then
+      g#aug_get selinuxmode_path = "disabled"
+    else
+      false in
+  if selinux_disabled then
+      failwith "selinux disabled";
+
   (* Get the SELinux policy name, eg. "targeted", "minimum".
    * Use "targeted" if not specified, just like libselinux does.
    *)
   let policy =
-    let config_path = "/files/etc/selinux/config" in
     let selinuxtype_path = config_path ^ "/SELINUXTYPE" in
-    let keys = g#aug_ls config_path in
-    if array_find selinuxtype_path keys then
+    if array_find selinuxtype_path config_keys then
       g#aug_get selinuxtype_path
     else
       "targeted" in
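Review bot: The `failwith "selinux disabled"` near the top of `use_setfiles` only skips relabeling cleanly if the caller catches `Failure` and does nothing further. That caller is outside this hunk, and if its handler is a generic fallback for a failed setfiles run, a deliberately disabled guest would be handled as an error path rather than a skip. Consider testing `selinux_disabled` where the decision to relabel is made, or at least documenting the contract with a comment such as `(* Raises Failure; the caller must treat this as "do not relabel" *)`. Separately, `g#aug_get selinuxmode_path = "disabled"` is an exact, case-sensitive match, so a value with different case or quoting falls through to relabeling as before the patch; comparing against `String.lowercase_ascii (g#aug_get selinuxmode_path)` would be more tolerant if the guest-side parser is lenient. `use_setfiles` begins before and continues past this hunk.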
-- 
2.31.1
